Sunday, August 29, 2010

Exchange 2010 SP1 Password Reset Tool

Now that SP1 for Exchange 2010 is released, it is time to start exploring some of the new features. The first in line is the newly released password reset tool (this was also included in Exchange 2007 SP3).

This has been a long-awaited feature for as long as OWA has been in use. For users who primarily use OWA for email access or who are primarily remote-access users, administrators have always struggled with resetting a user's password in a way that forces the user to change it at first logon. Users have also struggled to remember to reset their passwords through OWA before the password expired, since there was no warning integrated with OWA.

The following is the setting within the user account that forces the user to change their password at next logon:

[Image: PW-user acct-markup]

When a user whose password had expired, or whose account was configured to change the password at next logon, tried to log in to OWA, the user would see the following error: “The user name or password you entered isn’t correct. Try entering it again”

[Image: pw-OWA before-markup]

The Password Reset Tool feature is not active by default.  To activate this feature within Exchange 2010 SP1 (or Exchange 2007 SP3), all that is needed is one registry key:

HKLM\SYSTEM\CurrentControlSet\Services\MSExchange OWA

Create DWORD: ChangeExpiredPasswordEnabled with value: 1

[Image: PW-registry]

After creating the registry entry, an IISReset must be performed.  Now under the same scenario, if a user is configured to change their password at next logon or if their password has expired, the user will see the new message: “Your password has expired and you need to change it before you sign in to Outlook Web App.”

[Image: pw-OWA after-markup]
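The registry value and the IIS reset described above, combined into one idempotent script. This is an added example, not code from the original post; the function name is hypothetical, and it assumes an elevated PowerShell session on the server that hosts OWA.

```powershell
# Added example: enable the OWA expired-password change page.
# Key path and value name are the ones given in the post.
$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA'
$valueName = 'ChangeExpiredPasswordEnabled'

function Enable-OwaExpiredPasswordChange {   # hypothetical helper name
    if (-not (Test-Path -Path $keyPath)) {
        throw "Registry key not found: $keyPath. Is this the server that hosts OWA?"
    }

    # Inspect the current state, including the value type: a string "1"
    # is not the DWORD the post calls for.
    $key    = Get-Item -Path $keyPath
    $exists = $key.GetValueNames() -contains $valueName
    if ($exists -and
        $key.GetValueKind($valueName) -eq 'DWord' -and
        $key.GetValue($valueName) -eq 1) {
        Write-Output "$valueName is already DWORD 1; nothing changed, IIS not restarted."
        return
    }

    if ($exists) {
        $oldKind  = $key.GetValueKind($valueName)
        $oldValue = $key.GetValue($valueName)
        Write-Output "Replacing existing $valueName ($oldKind = $oldValue)."
    }

    # -Force overwrites a value that exists with the wrong type or data.
    New-ItemProperty -Path $keyPath -Name $valueName `
        -PropertyType DWord -Value 1 -Force | Out-Null

    # Read the value back before touching IIS.
    $check = (Get-Item -Path $keyPath).GetValue($valueName)
    if ($check -ne 1) {
        throw "Write of $valueName did not take effect (read back: $check)."
    }

    # The post requires an IIS reset; this briefly interrupts every site
    # hosted on the server, so run it in a maintenance window.
    & iisreset.exe
    if ($LASTEXITCODE -ne 0) {
        throw "iisreset failed with exit code $LASTEXITCODE."
    }
    Write-Output "$valueName set to DWORD 1 and IIS restarted."
}

Enable-OwaExpiredPasswordChange
```

Running it a second time reports that the value is already set and skips the IIS restart.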

Now the user can change their password before logging into OWA:

[Image: pw-OWA after3]

But that is not all… If a user’s password is set to expire within 14 days, the user will see a warning while logged into OWA and will have the option to reset the password:

[Image: pw-OWA warning-markup]

I think we can all agree that this is a much anticipated feature that has been missing since the inception of OWA!
